163 lines
4 KiB
Plaintext
163 lines
4 KiB
Plaintext
|
# Test #1 - This test exercises all the basic functionalities of the
|
||
|
# COM implementation of IAccessControl.
|
||
|
|
||
|
# Init a new COM IAccessControl object by passing a NULL IStream pointer
|
||
|
# into IPersistStream::Load
|
||
|
|
||
|
Exec InitNewACL
|
||
|
|
||
|
# I'll add 4 DENY_ACCESS ACEs and 5 GRANT_ACCESS ACEs to the ACL
|
||
|
|
||
|
# First, I'll add the GRANT_ACCESS entries to the ACL but before doing that,
|
||
|
# I have to set up an access request list locally
|
||
|
|
||
|
ToggleAccessPerm COM_RIGHTS_EXECUTE
|
||
|
|
||
|
Set TrusteeName RAYLAND\ACTEST1
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ACTEST2
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ACTEST3
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ACTEST4
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ADMINISTRATOR
|
||
|
AddTrustee AccessRequestList
|
||
|
|
||
|
# Add the GRANT_ACCESS ACEs
|
||
|
Exec GrantAccessRights
|
||
|
|
||
|
#Take a peek at the ACL
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Goes through the same procedure for DENY_ACCESS ACEs but removes the local access request list first
|
||
|
Destroy AccessRequestList
|
||
|
|
||
|
Set TrusteeName RAYLAND\ACTEST5
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ACTEST6
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ACTEST7
|
||
|
AddTrustee AccessRequestList
|
||
|
Set TrusteeName RAYLAND\ACTEST8
|
||
|
AddTrustee AccessRequestList
|
||
|
|
||
|
# Add the DENY_ACCESS ACEs
|
||
|
Exec DenyAccessRights
|
||
|
|
||
|
# Call GetExplicitAccessRights to see if the ACL has been set up properly
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Set current trustee to RAYLAND\ADMINISTRATOR and perform access
|
||
|
Set TrusteeName RAYLAND\Administrator
|
||
|
|
||
|
# RAYLAND\Administrator should be granted COM_RIGHTS_EXECUTE access
|
||
|
Exec IsAccessPermitted
|
||
|
|
||
|
# Change the client security context to that of RAYLAND\ACTEST2 so I can preform some
|
||
|
# access checking
|
||
|
SwitchClientCtx
|
||
|
ACTEST2
|
||
|
RAYLAND
|
||
|
|
||
|
# Set the current trustee to RAYLAND\ACTEST2
|
||
|
Set TrusteeName RAYLAND\ACTEST2
|
||
|
|
||
|
# Call IsAccessPermitted to perform acces checking. ACTEST2 should be granted access
|
||
|
# to the object.
|
||
|
Exec IsAccessPermitted
|
||
|
|
||
|
# Revoke some trustees from the ACL and see what happens....
|
||
|
Set TrusteeName RAYLAND\ACTEST4
|
||
|
AddTrustee TrusteeList
|
||
|
Exec RevokeExplicitAccessRights
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
Destroy TrusteeList
|
||
|
Set Trusteename RAYLAND\ACTEST2
|
||
|
AddTrustee TrusteeList
|
||
|
Exec RevokeExplicitAccessRights
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Call GetSizeMax to get the number of bytes required to dsave the ACL
|
||
|
Exec GetSizeMax
|
||
|
|
||
|
# Save the ACL to a file
|
||
|
Exec SaveACL c:\actests\data1
|
||
|
|
||
|
# Init a new ACL
|
||
|
Exec InitNewACL
|
||
|
|
||
|
# Take a look at the current ACL, it should be empty
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Load the ACL back from the same file
|
||
|
Exec LoadACL c:\actests\data1
|
||
|
|
||
|
# Take a look at the ACL, it should look the same as before it was saved
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Revoke two grant ACEs to see what happens
|
||
|
Set TrusteeName RAYLAND\ACTEST4
|
||
|
AddTrustee TrusteeList
|
||
|
|
||
|
Exec RevokeAccessRights
|
||
|
|
||
|
# Take a look at the resulting ACL
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
Destroy TrusteeList
|
||
|
Set TrusteeName RAYLAND\ACTEST2
|
||
|
AddTrustee TrusteeList
|
||
|
|
||
|
Exec RevokeAccessRights
|
||
|
|
||
|
# Take another peek a the resulting ACL
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Perform access check for RAYLAND\ACTEST2 to check
|
||
|
# if the revoking really works. RAYLAND\ACTEST2 should
|
||
|
# be denied access to the object.
|
||
|
|
||
|
Set TrusteeName RAYLAND\ACTEST2
|
||
|
Exec IsAccessPermitted
|
||
|
|
||
|
# Replace the ACL with a new one
|
||
|
Set TrusteeName A
|
||
|
Set AccessMode GRANT_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName B
|
||
|
Set AccessMode DENY_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName G
|
||
|
Set AccessMode GRANT_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName H
|
||
|
Set AccessMode DENY_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName E
|
||
|
Set AccessMode GRANT_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName K
|
||
|
Set AccessMode DENY_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName F
|
||
|
Set AccessMode GRANT_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName L
|
||
|
Set AccessMode DENY_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
Set TrusteeName A
|
||
|
Set AccessMode GRANT_ACCESS
|
||
|
AddTrustee ExplicitAccessList
|
||
|
|
||
|
Exec ReplaceAllAccessRights
|
||
|
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Kill server and quit
|
||
|
Quit
|
||
|
|
||
|
# End of Test #1
|
||
|
|